reCAPTCHA is a free service from Google that can be implemented in Moodle to make the site more secure and to help protect it from spam. Moodle docs offer information on reCAPTCHA in a few places, but no document offers a step-by-step on how to set it up. This resource offers to bridge the gap.
To begin, let’s assume that you’re using email-based self-registration and you’re implementing an additional layer of protection via reCAPTCHA.
First, enable email-based self-registration by going to Site administration > Plugins > Authentication > Manage authentication and enabling the method.
Next, scroll down on the manage authentication settings page and look for the reCAPTCHA site key and secret key entries. They should look like this (with no entries):
Note that there is a link available, which takes you to Google’s documentation on reCAPTCHA. Click this link and open up the Google documentation. At the time this article was written Google had introduced reCAPTCHA v3 but it is imperative to note that also at this current time only v2 is supported in Moodle. This will be important as you proceed.
Click the button at the top-right of the page that says “Get started with reCAPTCHA Enterprise”.
Give your project a unique name, perhaps ‘Moodle reCAPTCHA’. It should take about a minute to populate, and then you’ll see a screen like this where you can continue to your Google Cloud Console.
(Should you receive any sort of error by going to https://www.google.com/recaptcha/admin/enterprise and starting there you can also go directly to your Google Console and pick up with reCAPTCHA there, too.)
Assuming that the aforementioned process has worked for you, and you’re inside your Google Console on the reCAPTCHA key setup tab then your next step is to offer a name for your reCAPTCHA key. For the sake of continuity we’ll name ours Moodle reCAPTCHA, we’ll select “website” as the platform type it will be used for, and we’ll add the domain for the site. Google offers you the ability to specify what type of key you want to create - those are found under “Key type”.
Note that the only key type you can select for Moodle are v2 compatible key types. Those are explained in Google’s documentation and are:
the “I’m not a robot” checkbox
invisible reCAPTCHA badge
v2 reCAPTCHA Android
Create your key after your selections are made.
Because Moodle can only support reCAPTCHA v2 (legacy) you’ll need to take an extra step to locate and copy both the key ID and the secret for entry into Moodle.
After you created your key, you should have been taken to a console page like this:
Your next step is that you need to locate the “legacy” version of your reCAPTCHA element so you need to click the “--> Overview” option located on your new reCAPTCHA key.
Once you’re in the “Overview” display for your key click the “Integration” tab.
Now find the option to “Use legacy key”:
Copy the key that populates when you click the “Use legacy key” link. Add it into Moodle under “ReCAPTCHA secret key”.
Copy the Moodle reCAPTCHA ID that displays above your Overview, Integration, Bots, Logs tabs and enter that into Moodle under “ReCAPTCHA site key”.
Save your changes in Moodle.
Confirm your reCAPTCHA is working by simulating account creation and ensuring that your reCAPTCHA element displays properly on the login page, as shown below.
Try it out at https://www.google.com/recaptcha/api2/demo or read more of Google’s documentation.